Why Europe May Be More at Risk From Hacking Than US

Maria Sovago | Special to CNBC.com

Wednesday, 27 Mar 2013 | 9:09 AM ETCNBC.com

SHARES

Source: MGM/Sony

Actor Daniel Craig as James Bond in Skyfall.

When James Bond's technology whiz "Q" told the British intelligence agent he could cause more chaos and destruction on his laptop than Bond could "in a year in the field", he was issuing a 21st century warning.

Bond movies have always focused on the prevailing threats of our times: Soviet counterintelligence agents and nuclear threats during the cold war, global terrorism post 9/11, and with the rise of cyber attacks, hackers.

But while media coverage of this cyber threat has been widespread in the United States, hacking has hardly made headlines in Europe.

Experts say this is mainly due to a difference in rules surrounding hacking, and warn that it exposes European companies to a greater risk of cyber attacks.

"In the U.S., due to the mandatory reporting, companies are forced to come out to report whenever a breach occurs," Seth Berman, London-based executive managing director of the American digital risk management and investigations firm Stroz Friedberg told CNBC.

"In the U.K., there are only some rules to record only certain types of data loss – for banks for example – and they only report to the regulator."

European companies perceive an attack as bad PR and avoid making the incidents public. Furthermore, Berman added that U.K.-based companies focus only on understanding how the breach occurred, but not on what data exactly was taken, leaving them vulnerable to further attacks.

Deloitte's latest security survey cites the lack of timely and accurate reporting of hacking attacks as a major concern, and urges companies to gather intelligence about cyber crime incidents in order to be able to improve their response planning.

By forcing companies to report in the U.S., the incidents garner a great deal of media attention. "It is legal obligation to notify people what data was taken," Berman said.

The intense media publicity raises awareness, and could prove key in the fight against cyber attacks.

Robert Schifreen, a former U.K.-based hacker told CNBC that a lack of vigilance leaves many companies exposed to the risk of an attack. Employees fail to use secure passwords and or fall victim to "spear phishing". Such scams targets a single user or department within an organization, and by clicking on the email attachment the employee may plant a malware onto the company's systems.

"One of the weak points in the defense is the ability to recognize that the biggest risk is the people. Often it is an employee's fault," Schiffreen, who later became a computer security consultant, said.

"Each employee holds the keys to the castle and must understand that responsibility," highlights Deloitte's security study.

In terms of specific threats, companies are most concerned about "denial of service" attacks, which intentionally overload targeted systems, making them impossible to access.

New trends in technology – mobile, cloud computing and outsourcing – are adding to the security risks.

In a world of smartphones and increasingly sophisticated gadgets, Bond's secret service has moved well beyond "exploding pens". "We don't do that these days," Q says in the latest Bond film. It is a sign of the times.